diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-06-09 16:04:09 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | d2bf0b8b540e4efdb5ef06a449310f9a04a2eb17 (patch) | |
tree | d9d95c32799bc4141f2d8bcda301624be413b51d /ipaserver/install/httpinstance.py | |
parent | 9d4eeeda55b397237af17392f3acb9542e126145 (diff) | |
download | freeipa-d2bf0b8b540e4efdb5ef06a449310f9a04a2eb17.tar.gz freeipa-d2bf0b8b540e4efdb5ef06a449310f9a04a2eb17.tar.xz freeipa-d2bf0b8b540e4efdb5ef06a449310f9a04a2eb17.zip |
Fix trust flags in HTTP and DS NSS databases.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaserver/install/httpinstance.py')
-rw-r--r-- | ipaserver/install/httpinstance.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 3ca3bf77f..56f8a8910 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -269,8 +269,13 @@ class HTTPInstance(service.Service): db = certs.CertDB(self.realm, subject_base=self.subject_base) if self.pkcs12_info: + if api.env.enable_ra: + trust_flags = 'CT,C,C' + else: + trust_flags = None db.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1], - passwd=None, ca_file=self.ca_file) + passwd=None, ca_file=self.ca_file, + trust_flags=trust_flags) server_certs = db.find_server_certs() if len(server_certs) == 0: raise RuntimeError("Could not find a suitable server cert in import in %s" % self.pkcs12_info[0]) |